---
layout: docs
page_title: Use Keycloak for OIDC authentication
description: >-
  Configure Vault to use Keycloak as an OIDC provider.
---

# Use Keycloak for OIDC authentication

1. Select/create a Realm and Client. Select a Client and visit Settings.
1. Client Protocol: openid-connect
1. Access Type: confidential
1. Standard Flow Enabled: On
1. Configure Root URL such as `http://vault.example.com`
1. Configure Valid Redirect URIs such as
    - `http://vault.example.com/ui/vault/auth/oidc/oidc/callback`
    - `http://vault.example.com/oidc/oidc/callback`
1. Save.
1. Visit Credentials. Select Client ID and Secret and note the generated secret.
